package com.centit.support.security;

import com.centit.support.common.ObjectException;
import com.centit.support.compiler.ConstDefine;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.util.Locale;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.tuple.Pair;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.gm.GMNamedCurves;
import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.engines.SM2Engine;
import org.bouncycastle.crypto.generators.ECKeyPairGenerator;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECKeyGenerationParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.params.ParametersWithRandom;
import org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory;
import org.bouncycastle.jce.interfaces.ECPrivateKey;
import org.bouncycastle.jce.interfaces.ECPublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.jce.spec.ECPrivateKeySpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
import org.bouncycastle.util.encoders.Hex;

/* loaded from: input_file:com/centit/support/security/SM2Util.class */
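/**
 * Static helpers for SM2 (curve {@code sm2p256v1}) built on Bouncy Castle: public-key
 * encryption, private-key decryption, key generation, SM3-with-SM2 signatures and conversion of
 * ciphertext between the raw {@code C1||C3||C2} layout and its ASN.1/DER form.
 *
 * <p>Keys travel as hex strings. Private keys are the hex of the scalar {@code d}; public keys
 * are the hex of an encoded curve point. Callers own the protection of those strings: nothing in
 * this class clears, wraps or otherwise guards key material.
 *
 * <p>Error handling differs per method and callers must account for each form:
 * {@link #encryptUsePublicKey} and {@link #decryptUserPrivateKey} return {@code null} on a
 * cipher failure, {@link #generateKey} returns the pair {@code ("error", message)}, and the
 * signature methods throw {@link ObjectException}.
 */
public abstract class SM2Util {
    public static final String CRYPTO_NAME_SM2 = "sm2p256v1";

    /** Byte length of one affine coordinate on the 256-bit SM2 curve. */
    private static final int COORDINATE_LENGTH = 32;
    /** Byte length of the C3 component (the offsets in the raw layout fix it at 32 bytes). */
    private static final int DIGEST_LENGTH = 32;
    /** Bytes preceding C2 in the raw layout: 0x04 marker, x, y and C3. */
    private static final int RAW_PREFIX_LENGTH = 1 + 2 * COORDINATE_LENGTH + DIGEST_LENGTH;
    /** Shared provider instance; it is passed explicitly and never registered globally. */
    private static final Provider BC_PROVIDER = new BouncyCastleProvider();

    /** Builds the SM2 domain parameters used by the lightweight (non-JCA) BC API. */
    private static ECDomainParameters sm2DomainParameters() {
        X9ECParameters curveParams = GMNamedCurves.getByName(CRYPTO_NAME_SM2);
        return new ECDomainParameters(curveParams.getCurve(), curveParams.getG(), curveParams.getN());
    }

    /** Builds the SM2 parameter spec (including the cofactor) used by the JCA key specs. */
    private static ECParameterSpec sm2ParameterSpec() {
        X9ECParameters curveParams = GMNamedCurves.getByName(CRYPTO_NAME_SM2);
        return new ECParameterSpec(
                curveParams.getCurve(), curveParams.getG(), curveParams.getN(), curveParams.getH());
    }

    /** Renders a non-negative integer as exactly {@code length} big-endian bytes. */
    private static byte[] toFixedLengthUnsigned(BigInteger value, int length) throws IOException {
        byte[] raw = value.toByteArray();
        // toByteArray() may prepend a single 0x00 sign byte; it is not part of the magnitude.
        int skip = (raw.length > 1 && raw[0] == 0) ? 1 : 0;
        int significant = raw.length - skip;
        if (significant > length) {
            throw new IOException("SM2 ciphertext coordinate exceeds " + length + " bytes");
        }
        byte[] fixed = new byte[length];
        System.arraycopy(raw, skip, fixed, length - significant, significant);
        return fixed;
    }

    /**
     * Extracts the subject public key from a Base64-encoded X.509 certificate as a hex string.
     *
     * <p>When the hex of the encoded SubjectPublicKeyInfo is longer than 130 characters only its
     * tail is returned, which for an uncompressed 256-bit EC key is the {@code 04||x||y} point.
     * The certificate is only parsed: its signature, validity period and issuer chain are not
     * checked, so the returned key is exactly as trustworthy as the certificate's origin.
     *
     * @param str Base64 text of the DER certificate
     * @return hex of the public key (tail of the SubjectPublicKeyInfo encoding)
     * @throws ObjectException with {@code DATA_VALIDATE_ERROR} if the certificate cannot be parsed
     */
    public static String obtainPublicKey(String str) {
        try {
            X509Certificate certificate = (X509Certificate) new CertificateFactory()
                    .engineGenerateCertificate(new ByteArrayInputStream(Base64.decodeBase64(str)));
            String encodedKeyHex = Hex.toHexString(certificate.getPublicKey().getEncoded());
            if (encodedKeyHex.length() <= 130) {
                return encodedKeyHex;
            }
            // NOTE(review): ConstDefine.FUNC_MONTH_SPAN is an unrelated constant from the compiler
            // package; presumably it equals 130 (65-byte uncompressed point in hex) and was
            // substituted by the decompiler. Confirm and replace it with a local constant.
            return encodedKeyHex.substring(encodedKeyHex.length() - ConstDefine.FUNC_MONTH_SPAN);
        } catch (Exception e) {
            throw new ObjectException(ObjectException.DATA_VALIDATE_ERROR, "证书解析错误，请检查证书格式！", e);
        }
    }

    /**
     * Encrypts data with an SM2 public key, producing raw ciphertext in {@code C1C3C2} order.
     *
     * <p>The key argument is interpreted by its length: exactly 128 characters is taken as bare
     * {@code x||y} hex and prefixed with {@code 04}; more than 500 characters is taken as a
     * Base64 certificate and passed through {@link #obtainPublicKey}; anything else is decoded
     * as an encoded point as-is. A key taken from a certificate inherits the caveat that the
     * certificate is not validated.
     *
     * @param bArr plaintext bytes
     * @param str public key hex, or a Base64 certificate
     * @return the ciphertext, or {@code null} if the cipher itself fails; callers must check for
     *     {@code null} before using the result
     */
    public static byte[] encryptUsePublicKey(byte[] bArr, String str) {
        String keyHex = str;
        if (keyHex.length() == 128) {
            keyHex = "04" + keyHex;
        } else if (keyHex.length() > 500) {
            keyHex = obtainPublicKey(keyHex);
        }
        // Key decoding sits outside the try block, so a malformed key surfaces as an unchecked
        // exception rather than as the null return used for cipher failures.
        ECDomainParameters domain = sm2DomainParameters();
        ECPublicKeyParameters publicKey =
                new ECPublicKeyParameters(domain.getCurve().decodePoint(Hex.decode(keyHex)), domain);
        SM2Engine engine = new SM2Engine(SM2Engine.Mode.C1C3C2);
        engine.init(true, new ParametersWithRandom(publicKey, new SecureRandom()));
        try {
            return engine.processBlock(bArr, 0, bArr.length);
        } catch (Exception e) {
            // NOTE(review): failure is reported on stdout and signalled by null; kept for caller
            // compatibility, but a logger plus an exception would be harder to ignore.
            System.out.println("SM2公钥加密时出现异常:" + e.getMessage());
            return null;
        }
    }

    /**
     * Decrypts raw {@code C1C3C2} SM2 ciphertext with a private key.
     *
     * @param bArr ciphertext bytes in raw {@code C1C3C2} layout
     * @param str private scalar {@code d} as hex
     * @return the plaintext, or {@code null} if decryption fails (for example when the
     *     ciphertext was altered or the key does not match); callers must check for {@code null}
     */
    public static byte[] decryptUserPrivateKey(byte[] bArr, String str) {
        ECPrivateKeyParameters privateKey =
                new ECPrivateKeyParameters(new BigInteger(str, 16), sm2DomainParameters());
        SM2Engine engine = new SM2Engine(SM2Engine.Mode.C1C3C2);
        engine.init(false, privateKey);
        try {
            return engine.processBlock(bArr, 0, bArr.length);
        } catch (Exception e) {
            // NOTE(review): stack trace and message go to the process streams; route these
            // through the project's logger so decryption failures can be monitored.
            e.printStackTrace();
            System.out.println("SM2私钥解密时出现异常:" + e.getMessage());
            return null;
        }
    }

    /**
     * Generates an SM2 key pair through the JCA {@code EC} key pair generator of Bouncy Castle.
     *
     * <p>The private key is the hex of {@code BigInteger.toByteArray()}, so it may carry a
     * leading {@code 00} sign byte; the other methods here parse it with
     * {@code new BigInteger(hex, 16)}, which accepts that form.
     *
     * @param z {@code true} for a compressed public point encoding, {@code false} for uncompressed
     * @return (public key hex, private key hex) in lower case; on failure the pair
     *     {@code ("error", exception message)} is returned, so callers must reject a left value
     *     of {@code "error"} before storing or using the result as key material
     */
    public static Pair<String, String> generateKey(boolean z) {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("EC", BC_PROVIDER);
            generator.initialize(new ECGenParameterSpec(CRYPTO_NAME_SM2));
            KeyPair keyPair = generator.generateKeyPair();
            // The JCA key types expose neither Q nor d; the BC key interfaces do.
            ECPublicKey publicKey = (ECPublicKey) keyPair.getPublic();
            ECPrivateKey privateKey = (ECPrivateKey) keyPair.getPrivate();
            return Pair.of(
                    Hex.toHexString(publicKey.getQ().getEncoded(z)),
                    Hex.toHexString(privateKey.getD().toByteArray()));
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
            return Pair.of("error", e.getMessage());
        }
    }

    /**
     * Generates an SM2 key pair through Bouncy Castle's lightweight key pair generator.
     *
     * <p>The private key is rendered with {@code BigInteger.toString(16)}, so it is not padded:
     * it can be shorter than 64 characters and can have an odd number of digits.
     *
     * @param z {@code true} for a compressed public point encoding, {@code false} for uncompressed
     * @return (public key hex, private key hex), both upper case
     */
    public static Pair<String, String> generateSm2Keys(boolean z) {
        ECKeyPairGenerator generator = new ECKeyPairGenerator();
        generator.init(new ECKeyGenerationParameters(sm2DomainParameters(), new SecureRandom()));
        AsymmetricCipherKeyPair keyPair = generator.generateKeyPair();
        ECPublicKeyParameters publicKey = (ECPublicKeyParameters) keyPair.getPublic();
        ECPrivateKeyParameters privateKey = (ECPrivateKeyParameters) keyPair.getPrivate();
        return Pair.of(
                Hex.toHexString(publicKey.getQ().getEncoded(z)).toUpperCase(Locale.ROOT),
                privateKey.getD().toString(16).toUpperCase(Locale.ROOT));
    }

    /**
     * Signs data with SM3-with-SM2.
     *
     * <p>No signer identity parameter is configured on the {@link Signature}, so the provider's
     * default applies; the verifying side has to use the same identity.
     *
     * @param bArr data to sign
     * @param str private scalar {@code d} as hex
     * @return the signature bytes as produced by the provider
     * @throws ObjectException wrapping any failure
     */
    public static byte[] sign(byte[] bArr, String str) {
        try {
            KeyFactory keyFactory = KeyFactory.getInstance("EC", BC_PROVIDER);
            Signature signer =
                    Signature.getInstance(GMObjectIdentifiers.sm2sign_with_sm3.toString(), BC_PROVIDER);
            signer.initSign(keyFactory.generatePrivate(
                    new ECPrivateKeySpec(new BigInteger(str, 16), sm2ParameterSpec())));
            signer.update(bArr);
            return signer.sign();
        } catch (Exception e) {
            throw new ObjectException(e);
        }
    }

    /**
     * Verifies an SM3-with-SM2 signature against a public key.
     *
     * <p>A 128-character key is taken as bare {@code x||y} hex and prefixed with {@code 04};
     * unlike {@link #encryptUsePublicKey}, a certificate is not accepted here.
     *
     * @param bArr data that was signed
     * @param str public key as hex of an encoded point
     * @param bArr2 signature bytes
     * @return {@code true} only if the signature is valid for the data and key
     * @throws ObjectException wrapping any failure, including a malformed key or signature
     */
    public static boolean verify(byte[] bArr, String str, byte[] bArr2) {
        String keyHex = str.length() == 128 ? "04" + str : str;
        try {
            ECParameterSpec spec = sm2ParameterSpec();
            KeyFactory keyFactory = KeyFactory.getInstance("EC", BC_PROVIDER);
            Signature verifier =
                    Signature.getInstance(GMObjectIdentifiers.sm2sign_with_sm3.toString(), BC_PROVIDER);
            verifier.initVerify(keyFactory.generatePublic(
                    new ECPublicKeySpec(spec.getCurve().decodePoint(Hex.decode(keyHex)), spec)));
            verifier.update(bArr);
            return verifier.verify(bArr2);
        } catch (Exception e) {
            throw new ObjectException(e);
        }
    }

    /**
     * Verifies a signature with the public key of a hex-encoded X.509 certificate.
     *
     * <p>This proves only that the holder of the certificate's key signed the data. The
     * certificate's own signature, validity period, revocation status and issuer chain are not
     * checked here, so a {@code true} result must not be treated as proof of identity unless
     * the caller has validated the certificate separately.
     *
     * <p>The signature algorithm is taken from {@code getSigAlgName()}, i.e. the algorithm the
     * issuer used to sign the certificate, which is assumed to match the one used for the data.
     * Note that the certificate is hex-encoded here but Base64-encoded in
     * {@link #obtainPublicKey}.
     *
     * @param bArr data that was signed
     * @param str hex of the DER certificate
     * @param str2 hex of the signature
     * @return {@code true} only if the signature is valid for the data and certificate key
     * @throws ObjectException wrapping any failure
     */
    public static boolean certVerify(byte[] bArr, String str, String str2) {
        try {
            byte[] signatureBytes = Hex.decode(str2);
            X509Certificate certificate = (X509Certificate) new CertificateFactory()
                    .engineGenerateCertificate(new ByteArrayInputStream(Hex.decode(str)));
            Signature verifier = Signature.getInstance(certificate.getSigAlgName(), BC_PROVIDER);
            verifier.initVerify(certificate);
            verifier.update(bArr);
            return verifier.verify(signatureBytes);
        } catch (Exception e) {
            throw new ObjectException(e);
        }
    }

    /**
     * Converts raw SM2 ciphertext ({@code 04||x||y||C3||C2}) into its DER form:
     * {@code SEQUENCE { INTEGER x, INTEGER y, OCTET STRING C3, OCTET STRING C2 }}.
     *
     * <p>The coordinates are encoded as non-negative integers. Building the INTEGER directly
     * from the 32 raw bytes treats them as two's complement, which turns a coordinate with its
     * top bit set into a negative value and can make a coordinate with leading zero bytes a
     * non-minimal encoding.
     *
     * @param bArr raw ciphertext; the first byte is skipped and not inspected
     * @return DER encoding of the ciphertext sequence
     * @throws IOException if the input is shorter than the 97-byte fixed prefix or encoding fails
     */
    public static byte[] toAniBytes(byte[] bArr) throws IOException {
        if (bArr.length < RAW_PREFIX_LENGTH) {
            throw new IOException("SM2 ciphertext too short: " + bArr.length + " bytes");
        }
        byte[] x = new byte[COORDINATE_LENGTH];
        byte[] y = new byte[COORDINATE_LENGTH];
        byte[] digest = new byte[DIGEST_LENGTH];
        byte[] payload = new byte[bArr.length - RAW_PREFIX_LENGTH];
        System.arraycopy(bArr, 1, x, 0, COORDINATE_LENGTH);
        System.arraycopy(bArr, 1 + COORDINATE_LENGTH, y, 0, COORDINATE_LENGTH);
        System.arraycopy(bArr, 1 + 2 * COORDINATE_LENGTH, digest, 0, DIGEST_LENGTH);
        System.arraycopy(bArr, RAW_PREFIX_LENGTH, payload, 0, payload.length);

        ASN1EncodableVector elements = new ASN1EncodableVector();
        elements.add(new ASN1Integer(new BigInteger(1, x)));
        elements.add(new ASN1Integer(new BigInteger(1, y)));
        elements.add(new DEROctetString(digest));
        elements.add(new DEROctetString(payload));
        return new DERSequence(elements).getEncoded();
    }

    /**
     * Converts DER-encoded SM2 ciphertext back into the raw {@code 04||x||y||C3||C2} layout.
     *
     * <p>Element contents are read through the ASN.1 types rather than by dropping a fixed
     * two-byte header, so long-form lengths (a C2 of 128 bytes or more) and INTEGERs whose
     * content is not exactly 32 bytes are handled. Each coordinate is read as an unsigned
     * magnitude, which also accepts a top-bit-set coordinate that was written without a sign
     * byte.
     *
     * @param bArr DER encoding of the four-element ciphertext sequence
     * @return raw ciphertext starting with the {@code 0x04} marker
     * @throws IOException if the input is not a four-element sequence of the expected types, a
     *     coordinate does not fit in 32 bytes, or C3 is not 32 bytes long
     */
    public static byte[] obtainAniBytes(byte[] bArr) throws IOException {
        try (ASN1InputStream asn1Input = new ASN1InputStream(new ByteArrayInputStream(bArr));
                ByteArrayOutputStream raw = new ByteArrayOutputStream()) {
            ASN1Sequence sequence = ASN1Sequence.getInstance(asn1Input.readObject());
            if (sequence == null || sequence.size() != 4) {
                throw new IOException("SM2 ciphertext must be a SEQUENCE of four elements");
            }
            byte[] x = toFixedLengthUnsigned(
                    ASN1Integer.getInstance(sequence.getObjectAt(0)).getPositiveValue(), COORDINATE_LENGTH);
            byte[] y = toFixedLengthUnsigned(
                    ASN1Integer.getInstance(sequence.getObjectAt(1)).getPositiveValue(), COORDINATE_LENGTH);
            byte[] digest = ASN1OctetString.getInstance(sequence.getObjectAt(2)).getOctets();
            byte[] payload = ASN1OctetString.getInstance(sequence.getObjectAt(3)).getOctets();
            if (digest.length != DIGEST_LENGTH) {
                throw new IOException("SM2 ciphertext C3 must be " + DIGEST_LENGTH + " bytes");
            }
            raw.write(4); // uncompressed-point marker expected at the start of C1
            raw.write(x, 0, x.length);
            raw.write(y, 0, y.length);
            raw.write(digest, 0, digest.length);
            raw.write(payload, 0, payload.length);
            return raw.toByteArray();
        } catch (IllegalArgumentException e) {
            // The getInstance() factories reject elements of the wrong ASN.1 type this way.
            throw new IOException("Malformed SM2 ciphertext structure", e);
        }
    }
}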
